Have you ever needed to create SAN self-signed certificates before? This will help make the process easier. Duplicate line 18 and increment the counter for each additional `alt_name` you need in the cert.

internal-ssl.conf

[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = US
ST = NY
L = New York City
O = Company Name
OU = Company Department
CN = internal-ssl.website.tld
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = www.internal-ssl.website.tld
DNS.2 = internal-ssl.website.other-tld

Makefile

all: internal-ssl.key internal-ssl.pem

internal-ssl.pem: internal-ssl.conf
    openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout internal-ssl.pem -out internal-ssl.pem -config internal-ssl.conf -extensions 'v3_req'

internal-ssl.key: internal-ssl.conf
    openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout internal-ssl.key -out internal-ssl.crt -config internal-ssl.conf -extensions 'v3_req'